Security News

Details of an Adobe zero-day bug found in its content-management solution Adobe Experience Manager, which affected customers ranging from Mastercard, LinkedIn and PlayStation, were revealed Monday. Researchers in the ethical-hacking community Detectify Crowdsource identified the flaw in the CRX Package Manager component of Adobe's AEM. AEM is an enterprise-class tool for creating and managing websites, mobile apps and online forums.

Adobe's product security response machine revved into high gear this week with the release of multiple patches for gaping security holes in widely deployed software products. According to the San Jose, Calif. software maker, this month's batch of patches address a swathe of potentially dangerous vulnerabilities in Adobe Acrobat and Reader, Adobe Photoshop, and the ever-present Adobe Creative Cloud Desktop Application.

Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in ten applications, including Adobe Acrobat, Reader, and Photoshop. Out of all the Adobe security updates released today, Adobe After Effects had the most fixes, with 16 vulnerabilities.

You can't possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market. A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits.

Adobe has fixed a Reader flaw exploited in attacks in the wild, as well as delivered security updates for eleven other products, including Magento, Adobe InDesign, Adobe After Effects, Adobe Creative Cloud Desktop Application, and others. Microsoft has plugged 55 security holes, none actively exploited.

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. In a security bulletin, the company acknowledged it received reports that the flaw "Has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows." Tracked as CVE-2021-28550, the zero-day concerns an arbitrary code execution flaw that could allow adversaries to execute virtually any command on target systems.

A patch for Adobe Acrobat, the world's leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution. Adobe is warning customers of a critical zero-day bug actively exploited in the wild that affects its ubiquitous Adobe Acrobat PDF reader software.

Adobe has released a massive Patch Tuesday security update release that fixes vulnerabilities in twelve different applications, including one actively exploited vulnerability Adobe Reader. Of particular concern, Adobe warns that one of the Adobe Acrobat and Reader vulnerabilities tracked as CVE-2021-28550 has been exploited in the wild in limited attacks against Adobe Reader on Windows devices.

Adobe on Tuesday warned that a gaping security hole in one of the most widely deployed software products has been exploited in the wild in "Limited attacks targeting Adobe Reader users on Windows." Adobe's confirmation of the zero-day attack was buried in a security bulletin that documents at least 11 security vulnerabilities affected Adobe Acrobat and Reader on both Windows and MacOS platforms.

Adobe this week announced the open-source availability of 'One-Stop Anomaly Shop', a new tool designed to help security teams discover anomalies in datasets. Building on previous research, white papers, and other projects from Adobe's Security Intelligence Team, OSAS out-of-the-box allows researchers to experiment with datasets, control data processing and feature combining, and help identify a solution for detecting security threats.